in kdebase/kscreensaver/kscreensave.cpp:

change line 18:

    strcpy( buffer, getenv("HOME") );

to

    strncpy( buffer, getenv("HOME"), 256 );

and line 34:

    strcpy( buffer, KApplication::kde_bindir() );

to

    strncpy( buffer, KApplication::kde_bindir(), 256 );
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    This one probably isn't crucial, but it's good programming anyway.

This fixes the exploit given, which is a classic stack overflow exploit. The thing is, KDE uses the getenv function multiple times to get the home directory (in other KDE suites and programs as well) instead of getting it from the passwd file, which is strange. Most are not vulnerable because they aren't suid, but it still seems to be bad programming, since you can change the environment from the shell. The only suid programs are klock, kppp, and the *.kss files. I haven't checked the kss programs for bugs yet, but this will fix klock.

==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==
| David Zhao, UNIX Systems Administrator                  | Live Free or DIE |
| Kellogg School of Management                            |
| ICQ Internet ID: 7892139                                |
| Work Ph: (847) 467-3015   Pager: (847) 205-8674         |
| "Sometimes I think I'm stupid, other times I just am"  -- Dennis Kiilerich |
=============================================================================
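The pattern the post describes, an unbounded strcpy of an environment variable into a fixed-size stack buffer, next to a bounded replacement, as an added example that is not part of the original post or of the KDE source. The 256-byte buffer size, the function names and the constructed sample values are assumptions for illustration. One detail the example makes visible is that strncpy(dst, src, 256) into a 256-byte buffer stops writing at the buffer boundary but leaves no terminating NUL when the source is 256 bytes or longer, so a bounded copy should measure the source itself and reject or terminate explicitly.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 256   /* assumed size of the fixed `buffer` in the post */

/*
 * Pattern described in the post (illustration only, never called here):
 * an unbounded strcpy of an environment variable into a fixed stack
 * buffer. The value of $HOME is chosen by whoever starts the process, so
 * anything longer than BUF_SIZE - 1 bytes writes past the end of `buffer`,
 * and an unset variable makes getenv() return NULL.
 *
 *   char buffer[BUF_SIZE];
 *   strcpy(buffer, getenv("HOME"));
 */

/*
 * The strncpy() replacement suggested in the post stops writing at
 * `sizeof buffer` bytes, but when the source is that long or longer the
 * copy carries no terminating NUL. This helper reports whether a copy
 * made that way is still a valid C string (1 = terminated, 0 = not).
 */
int strncpy_result_terminated(const char *src)
{
    char buffer[BUF_SIZE];

    strncpy(buffer, src, sizeof buffer);
    return memchr(buffer, '\0', sizeof buffer) != NULL;
}

/*
 * Bounded copy that refuses oversized or missing input instead of
 * truncating silently. Returns 0 on success and -1 on failure; on
 * failure dst is left as an empty string so later code never reads
 * an unterminated or partially written buffer.
 */
int copy_env_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t n = 0;

    if (dst == NULL || dstsz == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)                       /* variable not set */
        return -1;
    while (n < dstsz && src[n] != '\0')    /* measure without reading past dstsz */
        n++;
    if (n == dstsz)                        /* no room left for the NUL */
        return -1;
    memcpy(dst, src, n + 1);               /* n bytes plus the terminator */
    return 0;
}

/* Hypothetical replacement for the post's line 18: fetch $HOME safely. */
int copy_home_dir(char *dst, size_t dstsz)
{
    return copy_env_bounded(dst, dstsz, getenv("HOME"));
}

int main(void)
{
    char buffer[BUF_SIZE];
    char long_path[BUF_SIZE + 64];         /* constructed oversized value */

    memset(long_path, 'A', sizeof long_path - 1);
    long_path[sizeof long_path - 1] = '\0';

    printf("strncpy of short value terminated:     %d\n",
           strncpy_result_terminated("/home/user"));
    printf("strncpy of oversized value terminated: %d\n",
           strncpy_result_terminated(long_path));
    printf("bounded copy of short value:           %d\n",
           copy_env_bounded(buffer, sizeof buffer, "/home/user"));
    printf("bounded copy of oversized value:       %d\n",
           copy_env_bounded(buffer, sizeof buffer, long_path));
    printf("bounded copy of $HOME:                 %d (%s)\n",
           copy_home_dir(buffer, sizeof buffer), buffer);
    return 0;
}
```

Rejecting an oversized value rather than truncating it is the choice here because a truncated home or binary directory path is not a usable path either; the caller gets a clear failure instead of a plausible-looking wrong string.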
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:53:54 PDT